Kerberos in Druid

[averma111]

Hi Team,

We have successfully setup Kerberos on Druid and we are trying to open Router console page, the page is failing with 403 status code and logs says below issue:

2020-04-06T15:22:44,293 WARN [qtp1051927339-80] org.apache.druid.security.kerberos.KerberosAuthenticator - AuthenticationToken ignored: org.apache.hadoop.security.authentication.util.SignerException: Invalid signed text:

How to resolve this issue. We are not able to open console page.Although we are able to insert data and query it.

Thanks,
Ashish

[himanshug]

that looks like something was wrong with signed secret in the cookie, you should clear your cookies and try again.

[averma111]

@himanshug we have cleared cookies several time, everything is working excpet UI is not opening.
The first time your open the router you get below error
GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)

when we fresh it again we get below error

Problem accessing /unified-console.html. Reason:

org.apache.hadoop.security.authentication.util.SignerException: Invalid signed text: 

[himanshug]

first error could be related to https://stackoverflow.com/questions/47227276/gssexception-defective-token-detected-when-trying-to-authenticate-to-tomcat and that leads to second error

[sydt2014]

This caused by CookieManager in KerberosHttpClient；CookieManager can not work correctly.

[github-actions]

This issue has been marked as stale due to 280 days of inactivity.
It will be closed in 4 weeks if no further activity occurs. If this issue is still
relevant, please simply write any comment. Even if closed, you can still revive the
issue at any time or discuss it on the dev@druid.apache.org list.
Thank you for your contributions.

[github-actions]

This issue has been closed due to lack of activity. If you think that
is incorrect, or the issue requires additional review, you can revive the issue at
any time.

[basapuram-kumar]

Cleaning the cookies worked for me to access the web UI's from local mac